There is no subject more important than security when you are talking about technology. This applies right across the board, whether computers, phones or even your car, not forgetting other kinds of security like that of your home and personal safety. Anyway, I am digressing.
For a good starting point to security see Decent Security on what to do with a Windows computer.
I believe Security Engineering is a good read and is available free, online Security Engineering - A Guide to Building Dependable Distributed Systems so have a read.
Generally I would suggest you will want to verify the file that you downloaded is what you expect and that it has not been modified in any way. In other words it is still what the publisher intended it to be. Having needed to do this for GPG Signed files I then had to work out how to check them, it was not as easy as it could or should have been! Here is a good starter for 10 Verifying A GPG Signed File (April 01, 2013)
It boils down to the following commands:
gpg --verify vsftpd-3.0.2.tar.gz.asc
gpg --recv-keys 3C0E751C (note the hex number should be displayed following first command)
gpg --verify vsftpd-3.0.2.tar.gz.asc (check signature matches that at website)
This was all done on a Linux VM and the files came from vsftpd - Secure, fast FTP server for UNIX-like systems
See MicroNugget: How Does Kerberos Work? - YouTube for a quick introduction on how it works.
In the above video there are references to your Kerberos Tray, if you wish to examine this then execute the following:
klist. However if your machine is not part of a domain then you won't get anything useful or interesting!
There are a number of free scanning tools, which are especially useful if you suspect you have a virus or some malware and want to get a second opinion from a different product.